[Michael]

I did some user password protection on a forum I wrote for the fun of it. I boils down to this after remove the mysql and encryption. I can add them back in if you like

$username = "username"; 
// The user name eg "ScHwErV_Family"
$password = "password"; 
// The password
// You can pull this from MYSQL as well. I will post the code if you like.

if(isset($_POST['username']) && isset($_POST['password'])){ 
//user name and pass word was sent 

if($_POST['username'] == $username && $_POST['password'] == $password){
//they are correct

$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password']
//set the session data
}

}

if(isset($_SESSION['username']) && isset($_SESSION['password]) ){ 
//session data set be the above or from a previous visit to the server

//the page content is put here.

} else {
//the session is not set we need them to log in

echo('
	<form class="post" action="" method="POST">	
	<div>Username:<div><input type="text" name="username"></div></div>
	<div>Password:<div><input type="password" name="password"></div></div>
	<input type="submit" value="Login">
	</form>
');

}

If I did not have projects coming out my ears, I would join this one. What you did looks really nice thenotch.

Edited by Michael, 02 December 2006 - 01:48 AM.

[Advertisements]

So this is a session password that will have to be placed into every page right? Ive not done password protection in the past so I will need a little help wrapping my head around what you have done.

Before we go too much further, will it be possible to keep this script in flatfile database or should we move to sql before we go any further?

Adding editing and passwords might be best to move to mysql.

Thoughts?

[ScHwErV]

So this is a session password that will have to be placed into every page right? Ive not done password protection in the past so I will need a little help wrapping my head around what you have done.

Before we go too much further, will it be possible to keep this script in flatfile database or should we move to sql before we go any further?

Adding editing and passwords might be best to move to mysql.

Thoughts?

[Michael]

Yes it would have to go on ever page you need password protected. Or you could use variables select an include, but I not sure that is a great idea as I don't know the security risks. If you don't do that I would put the first part in an include since it would be the same for every page.

You could keep it flat file. Even with the passwords, you keep them md5 encrypted and use the form

username:password

I have the idea this would be compatible with the .htaccess method of storing user names and passwords, but I not and expert on that.

Another reason I not getting involved too much is I will be at the Beach on holidays for 10 days without computer access starting tomorrow.

Edited by Michael, 02 December 2006 - 04:23 PM.

[ScHwErV]

I am kinda hoping to hear from magosis or magilla or one of the other PHP scripting/mysql gurus before we go too much further. If all the functionality that we want to add to the script will be too difficult, I would rather make the move to SQL vs Flatfile before we go further.

[Magilla]

Well, I prefer to use SQL over flatfile. SQL has a password function that can take care of storing encrypted passwords for you. Also, the SQL schema is easier to modify than a large flatfile (as far as I'm concerned, anyway)...

[ScHwErV]

MySQL is free and available on almost every webhost who has PHP, so I don't think its bad to go to an SQL database. Lets make that switch now.

If all else fails, people could always use the free sql hosts, its not like christmas lists are a function of national security.

[ScHwErV]

So that this doesn't go dead, Im going to bump it.

thenotch is working on making the site look good. If you want to see a full screen peek at what he has, he has it linked from his subdomain. http://thenotch.geekstogo.com Its lookin awesome.

I talked to magilla and he was going to look into password protection and was willing to help out a little with the project.

Anyone have time to set up the sql portion with adding/editing/deleting entries?

[ScHwErV]

Talking to myself here as evident by the triple post. Should I just give up until after xmas?

Just wondering if anyone is working in any part. I should have some time this week as most of the kids will be leaving for winter break. If no one is working on anything (except thenotch doing design), Ill start on something, I just need to know so that were not duplicating efforts.

[thenotch]

I'm sort of waiting to see what the others input as to input the proper code into the design.

I'm gonna tweak what I have already... just some little things...

I'm thinking the holidays are taking up a lot of folks time.
Mine starts to be at a premium here starting this week so I would most likely say that this project will go on well after Christmas.

[ScHwErV]

I know for sure that I would like to do a single textbox for the gift list input. Since password protection isnt my thing, Ill start creating the database this week, that way Ill have input and output stuff ready for when you get un-busy from the holidays.

If we want to add editing, or any other functions, the first page will have to just have to add buttons I believe.

[Michael]

I will add the password stuff, I just need to know if you want one user such as "ScHwErV family" or one user for every family member. And if so do you want to add the users, or have them sign up them selves. Also how high password encryption do you want. No incription, incripted but still possible to recover the password if needed, or just supper encrypted.

I see the single text box thing as simple, I will help with that too if you want.

PS one of my pages with the password protection
http://testomoz.org/...s/gallery/admin

[ScHwErV]

It would be great if they could register themselves (with admin approval?). I don't think a lot of encryption is necessary, just something simple. Someone's grandma may end up using this

The text box is simple and having it recognize carriage returns is easy enough. Ill start working on that and creating the database yet this week. Tomorrow I may have time to get started.

Notch, whats the easiest way for us to get you the code for your design? Blank page with the forms that you can just cut/paste?

[Michael]

You will not need the First and Last name or email in the add to list page. Since you will have that info from the user sign up

[ScHwErV]

Excellent, I didn't think of that.

I gotta figure out how I wanna do the editing also.. but we will cross that bridge when we come to it. Its best that we get this part done first.

[thenotch]

Notch, whats the easiest way for us to get you the code for your design? Blank page with the forms that you can just cut/paste?

That would probably be the easiest way..